Adding support to verify UDP encapsulation ports
in IPsec inbound.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
sa->w10.s.udp_dst_port = 4500;
}
+ if (ipsec_xfrm->options.udp_ports_verify)
+ sa->w2.s.udp_ports_verify = 1;
+
offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);
/* Word offset for HW managed SA field */
sa->w0.s.hw_ctx_off = offset / 8;
uint64_t esn_en : 1;
uint64_t tport_l4_incr_csum : 1;
uint64_t ip_hdr_verify : 2;
- uint64_t rsvd5 : 1;
+ uint64_t udp_ports_verify : 1;
uint64_t rsvd2 : 7;
uint64_t async_mode : 1;
uint64_t esn_en : 1;
uint64_t tport_l4_incr_csum : 1;
uint64_t ip_hdr_verify : 2;
- uint64_t rsvd5 : 1;
+ uint64_t udp_ports_verify : 1;
uint64_t rsvd6 : 7;
uint64_t async_mode : 1;
sec_cap->ipsec.options.iv_gen_disable = 1;
#endif
} else {
+ sec_cap->ipsec.options.udp_ports_verify = 1;
if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
sec_cap->ipsec.options.tunnel_hdr_verify =
RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
git.droids-corp.org / dpdk.git / commitdiff